Category: FILE
Started On: 2015-03-25 21:22:02
Completed On: 2015-03-25 21:24:55
Duration: 173 seconds
Cuckoo Version: 1.3-dev

Machine: windows
Label: Cuckoo
Manager: VirtualBox
Started On: 2015-03-25 21:22:03
Shutdown On: 2015-03-25 21:24:53

File Details

File name 555.exe
File size 1831936 bytes
File type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
CRC32 733A3CAC
MD5 f9bb8bd33f4948bef62e95d8e2c500d4
SHA1 237f8ca4f67f4b63586e21c51848eb1b841676b1
SHA256 19480e0baebe1b516e5c26a023f3832370682968d1f452ff774bfa86b602a493
SHA512 ed51da4d21a0dc9551f43ceb821c8af53214e5834c3f8311e31b8ffa7a42d43d7fd35aba61ac22100713b8316e12e72b41ad46b5e54d8f6ce50a41de34a8e456
Ssdeep 49152:PYqdfmVaHjiEYJ1S2cUDbylZw77LQ0soN:PtfpGRJ1SxYGw
PEiD None matched
Yara None matched
VirusTotal
Scan Date: 2015-03-24 13:59:28
Detection Rate: 34/56

Signatures

File has been identified by at least one AntiVirus on VirusTotal as malicious
Performs some HTTP requests
Lots of threads in other processes
Malfind detects an injected process
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
Installs itself for autorun at Windows startup
PEB modified to hide loaded modules. Dll very likely not loaded by LoadLibrary
Malfind detects more than 3 injected processes
Kernel module without a name
Stopped Firewall service
Stopped Application Layer Gateway service

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

Files
Mutexes
  • Bot executed
  • Local\ZonesCounterMutex
  • Local\ZoneAttributeCacheCounterMutex
  • Local\ZonesCacheCounterMutex
  • Local\ZonesLockedCacheCounterMutex
Registry Keys
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Security
  • Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
  • {7eea3db8-1e8b-11e4-9951-806e6f6e6963}\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\2
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\3
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\4
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000
  • SessionInfo\1
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\exefile\Progid
  • Software\Microsoft\Windows\CurrentVersion\ShellCompatibility\ProgIDs\exefile
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\exefile\shell\open\ddeexec
  • ddeexec
  • Software\Microsoft\Windows\CurrentVersion\App Paths\svchost.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\5a8de2c3\1dfa8c62
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\5a8de2c3\1dfa8c62\5e
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\ecd2583\5d7d83cc\4b
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\2f66e4ee\400ce7c1\67
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\1dfa8c62\5766bfaf\3f
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration.Install__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration.Install__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.JScript__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.JScript__b03f5f7f11d50a3a
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes
  • AppID\svchost.exe
  • HKEY_LOCAL_MACHINE\Software\Classes\AppID\svchost.exe
  • SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider
  • Software\Policies\Microsoft\Cryptography
  • Software\Microsoft\Cryptography\Offload
  • Interface\{00000134-0000-0000-C000-000000000046}
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
  • HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
  • HKEY_CLASSES_ROOT\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
  • CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\TreatAs
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\Progid
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocHandler32
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocHandler
  • HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
  • CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
  • HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\Progid
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandler32
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandler
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
  • CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\TreatAs
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\Progid
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServer32
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandler32
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandler
  • Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32
  • CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\Progid
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServer32
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler32
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler
  • Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
  • Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
  • CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
  • Interface\{027947E1-D731-11CE-A357-000000000001}
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
  • CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
  • Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
  • Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500_Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
  • Software\Microsoft\Cryptography\DESHashSessionKeyBackward
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\159a66b8\5d94bc56\e
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\6faf58\34f474d5
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\6faf58\34f474d5\d
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\10ac776b\6310c234\1e
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Data.SqlXml__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Data.SqlXml__b77a5c561934e089
  • Software\Microsoft\Tracing\svchost_RASAPI32
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
  • HKEY_USERS\S-1-5-21-4043008248-2851492338-1992526481-500\Software\Microsoft\Windows\Windows Error Reporting\WMR
  • Software\Microsoft\Tracing\svchost_RASMANCS
  • System\CurrentControlSet\Control\LsaExtensionConfig\SspiCli
  • credssp.dll
  • System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
  • {0aa2f3f6-6018-4dd7-bf2c-bc83d878cd68}
  • SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{E29AC6C2-7037-11DE-816D-806E6F6E6963}
  • Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
  • Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
  • SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{0AA2F3F6-6018-4DD7-BF2C-BC83D878CD68}
  • System\CurrentControlSet\Services\DnsCache\Parameters
  • Software\Policies\Microsoft\Windows NT\DnsClient
  • System\CurrentControlSet\Services\DNS
  • System\Setup
  • SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig
  • System\CurrentControlSet\Services\DnsCache\Parameters\DnsPolicyConfig
  • Software\Policies\Microsoft\System\DNSClient
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\1c22df2f\6ae28f47\2e
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\27e1f7e2\4e1b5ff2\26
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\910bc3f\306db89e\11
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\58364143\24da33f5\15
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\3d37e654\7e3a5608\10
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\2ab76b15\635d73e9\46
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\6ae28f47\f854f2d\47
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml.Linq__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml.Linq__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Remoting__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Remoting__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.6.0.Newtonsoft.Json__30ad4fe6b2a6aeed
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.6.0.Newtonsoft.Json__30ad4fe6b2a6aeed
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\3175ab79\8eb3a7b
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-4043008248-2851492338-1992526481-500\Installer\Assemblies\C:|Users|Administrator|AppData|Roaming|svchost.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Administrator|AppData|Roaming|svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Administrator|AppData|Roaming|svchost.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-4043008248-2851492338-1992526481-500\Installer\Assemblies\Global
  • HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
  • SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001

Processes

555.exe PID: 2604, Parent PID: 2152

svchost.exe PID: 2776, Parent PID: 2604

Volatility

Mutantscan: Scanning the whole system for Mutexes
Malfind: Scanning for injections
Apihooks: Listing API hooks
PSList: Listing processes
PSXView: Listing hidden processes
DllList: Listing loaded DLLs
Handles: Listing handles
Callbacks: Listing registered callbacks
Messagehooks: Registered Messagehooks
Getsids: Sids
Privs: Privileges
Ldrmodules: Listing hidden and loaded DLLs
Devicetree: Listing devices and drivers
Svcscan: Scanning for services
Modscan: Scan for (hidden) kernel drivers
IDT: Listing IDTs
Timers: Listing timers